San Francisco Department of Public Health · 23 hours ago
Chief Information Security Officer (0933 Manager V) - Department of Public Health
The San Francisco Department of Public Health is seeking a dynamic and experienced cybersecurity professional to join its IT leadership team. The Chief Information Security Officer (CISO) will be responsible for developing and executing a comprehensive information security strategy that safeguards the department’s systems, data, and services.
Association, Government, Health Care, Medical, Non Profit
Responsibilities
Provides strategic leadership in evaluating and mitigating information security threats across the organization using a structured, risk-based methodology. Advises executive leadership on identified risks and ensures timely execution of mitigation and remediation plans with integrity and discretion
Directs the ongoing development of the department’s information security program, including project portfolio management, incident response, policy frameworks, compliance activities, threat and vulnerability management, and third-party risk management
Allocates and manages resources to support a robust security strategy. Identifies and advocates for strategic investments, oversees capital and operating budgets, and delivers ROI analyses and budget recommendations
Partners with the Office of Compliance and Privacy Affairs to assess data security risks related to contracts, projects, artificial intelligence solutions, and other initiatives. Develops tools and interventions to mitigate risks, establishes performance metrics, and monitors compliance through audits and assessments
Builds alignment and support for security goals and initiatives across internal and external stakeholders. Communicates effectively with leadership at all levels on trends, risks, and the overall effectiveness of the security program
Promotes awareness and understanding of regulatory requirements across the organization. Leads or collaborates on testing and auditing activities to ensure ongoing compliance and successful certifications
Analyzes security requirements and ensures compliance with industry standards such as HIPAA, NIST, and PCI-DSS
Establishes and maintains comprehensive policies and procedures to support effective and sustainable security operations
Serves as the department’s representative in security-related matters with City agencies and partners
Continuously monitors emerging trends, technologies, and best practices in cybersecurity to ensure the department’s security posture remains current and effective
Qualification
Required
Bachelor's degree from an accredited college or university
Five (5) years of professional healthcare information systems security experience, of which three (3) years must include supervising IT professionals
Knowledge of local, State and Federal laws and regulations relating to information security, including but not limited to HIPAA and HITECH
Knowledge of information security technology frameworks and standards, including but not limited to NIST, HITRUST, COBIT, ISO 27001, PCI-DSS or similar cyber security frameworks
Knowledge of technology relating to enterprise-wide information security protection
Knowledge of structured systems analysis and design practices and techniques
Knowledge of common operating systems software and relational database systems
Knowledge of hospitals or community health network environments
Ability to apply principles and practices of management, administration, budgeting, training, and personnel management
Ability to manage, supervise, train and coordinate a complex functional area of responsibility and groups of employees
Ability to analyze and report on activities, issues and problems and recommend appropriate solutions
Ability to communicate effectively orally
Ability to communicate effectively in writing
Ability to exercise judgement, decisiveness and creativity required in situations involving the direction, control and planning of a program(s)
Ability to manage critical timelines effectively
Ability to establish and maintain good working relationships with department personnel, staff, vendors, peers, and management, and engage and influence a broad range of stakeholders (e.g. HR, IT, Legal, Compliance, senior management, etc.)
Preferred
Possession of a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification